Re: can't ssh to Cisco ASA 5505 - Page 2

mikejgalovich · ‎06-28-2009

Hi, I can't seem to ssh to my 5505, even though I think I have it setup properly. Below is part of the config, can someone tell me what is wrong?

domain-name windriverdev.com

access-list 101 extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.

255.0

access-list vpnclient extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 25

5.255.255.0

access-list nonat extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.25

5.255.0

access-list acl_in extended permit tcp any host 69.3.19.242 eq 3389

pager lines 24

logging asdm informational

mtu inside 1500

mtu outside 1500

mtu dmz 1500

ip local pool clients 10.10.10.100-10.10.10.150

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-524.bin

no asdm history enable

arp timeout 14400

global (outside) 1

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp interface 3389 192.168.1.90 3389 netmask 255.255.255

.255

route outside 0.0.0.0 0.0.0.0 69.3.19.241 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

http server ena

http 192.168.1.0 255.255.255.0 insideng, statistics or sta

no snmp-server location

dh

no snmp-server contactHCP Relay Agent state,

snmp-server community asa

snmp-server enable traps snmp authentication linkup linkdown coldstart

disk0: Display information ab

snmp-server enable traps syslog

crypto ipsec transform-set national esp-3des esp-md5-hmac

dns-hosts Show DNS ho

crypto ipsec transform-set myset esp-des esp-md5-hmac

failover

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

cisc

hostname Sho

crypto dynamic-map national 20 set transform-set myset

crypto isakmp identity addressof Interface Descriptor Blocks

crypto isakmp enable outside

crypto isakmp p

cisco

encryption 3des

hash sha

group 2erface

lifetime 86400erface status i

crypto isakmp nat-traversal 20

telnet 192.168.1.0 255.255.255.0 insideventory information for all slots

telnet timeout 5

ssh 0.0.0.0 0.0.0.0 outsidensi

Platform ASA55

ssh timeout 5p

console timeout 0ss, IDS statistic

!e

class-map inspection_defaultt.ecs (3316 bytes/sec)change

match default-inspection-traffic

Star Sulaiman · ‎01-17-2019

Hello John,

yes I have please see below,

aaa authentication ssh console LOCAL
crypto key generate rsa modulus 2048

paul driver · ‎01-17-2019

Hello
The OP was @mikejgalovich but it seems @Star Sulaiman also posted - so are both of you experiencing the same issue

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Richard Burts · ‎01-17-2019

Paul

Mike was the original poster and Star has camped on to an old discussion to ask his question. Since it was never clarified exactly what the problem really was for Mike it is difficult to say whether they are exactly the same problem. I believe that there is a very good chance that the real issue for Star is that the interface that he is connected to does not match the interface listed in the command that enables ssh - waiting for Star to confirm whether this is the case or not. But since both are asking about problems connecting using ssh then they seem somewhat closely related.

HTH

Rick

HTH

Rick

Star Sulaiman · ‎01-17-2019

Hello Paul,

The problem solved with Rick's recommendation. Thank you

paul driver · ‎01-18-2019

Hello Star

Excellent news - can you mark the post as solved and rate Ricks support please

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Star Sulaiman · ‎01-22-2019

Hello Paul,

I believe I have rated Rick's comment and added solved.

I am new to use the community if I have missed something please guide me how to do it.

Thank you.

Regards,

Star

Richard Burts · ‎01-22-2019

Star

You have indeed rated my suggestions and have stated that it did solve your issue. And thank you for that. Paul has suggested that you mark the question as solved. However the way that the community is operating is that only the person who posted the original question is able to mark the questions as "solved". You have not missed anything and there is not anything else that you can reasonably do for this discussion. I do hope to see you continue to be active in the community.

HTH

Rick

HTH

Rick

Brad_Shawh · ‎03-03-2020

aaa authentication ssh console LOCAL

This worked for me, thank you.